CVE-2015-5214

CWE-119 — Buffer Overflow CWE-129 — Improper Array Index Validation9 documents8 sources

Severity

6.8MEDIUM

EPSS

35.6%

top 2.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Libreoffice Libreoffice Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 10

Latest updateMay 17

Description

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDapache/openoffice4.1.1

▶Debianlibreoffice< 1:5.0.1~rc2-1+3

▶NVDlibreoffice/libreoffice4.4.5

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-88vm-phwg-9p3m: LibreOffice before 4↗2022-05-17

▶

OSV

CVE-2015-5214: LibreOffice before 4↗2015-11-10

▶

CVEList

CVE-2015-5214: LibreOffice before 4↗2015-11-10

▶

📋Vendor Advisories

Ubuntu

LibreOffice vulnerabilities↗2015-11-05

▶

Red Hat

libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption↗2015-11-04

▶

Debian

CVE-2015-5214: libreoffice - LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2...↗2015

▶

💬Community

Bugzilla

CVE-2015-5214 libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption↗2015-11-06

▶

Bugzilla

CVE-2015-5214 libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption [fedora-all]↗2015-11-06

▶